From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 25 Oct 2023 21:04:15 +0000 (+0200)
Subject: cgroup-util: add cg_is_delegated_fd() helper
X-Git-Tag: v255-rc1~129^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6414203cfc68bb4e0cf7f139e48de83e91f8aec1;p=thirdparty%2Fsystemd.git

cgroup-util: add cg_is_delegated_fd() helper

This is just like cg_is_delegate() but operates on an fd instead of a
cgroup path.

Sooner or later we should access cgroupfs mostly via fds rather than
paths, but we aren't there yet. But let's at least get started.
---

diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
index 37f776adbe8..4c825529042 100644
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
@@ -2263,17 +2263,27 @@ int cg_is_delegated(const char *path) {
         assert(path);
 
         r = cg_get_xattr_bool(path, "trusted.delegate");
-        if (ERRNO_IS_NEG_XATTR_ABSENT(r)) {
-                /* If the trusted xattr isn't set (preferred), then check the
-                 * untrusted one. Under the assumption that whoever is trusted
-                 * enough to own the cgroup, is also trusted enough to decide
-                 * if it is delegated or not this should be safe. */
-                r = cg_get_xattr_bool(path, "user.delegate");
-                if (ERRNO_IS_NEG_XATTR_ABSENT(r))
-                        return false;
-        }
+        if (!ERRNO_IS_NEG_XATTR_ABSENT(r))
+                return r;
 
-        return r;
+        /* If the trusted xattr isn't set (preferred), then check the untrusted one. Under the assumption
+         * that whoever is trusted enough to own the cgroup, is also trusted enough to decide if it is
+         * delegated or not this should be safe. */
+        r = cg_get_xattr_bool(path, "user.delegate");
+        return ERRNO_IS_NEG_XATTR_ABSENT(r) ? false : r;
+}
+
+int cg_is_delegated_fd(int fd) {
+        int r;
+
+        assert(fd >= 0);
+
+        r = getxattr_at_bool(fd, /* path= */ NULL, "trusted.delegate", /* flags= */ 0);
+        if (!ERRNO_IS_NEG_XATTR_ABSENT(r))
+                return r;
+
+        r = getxattr_at_bool(fd, /* path= */ NULL, "user.delegate", /* flags= */ 0);
+        return ERRNO_IS_NEG_XATTR_ABSENT(r) ? false : r;
 }
 
 int cg_has_coredump_receive(const char *path) {
diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h
index 1022caf23c9..bfb38305207 100644
--- a/src/basic/cgroup-util.h
+++ b/src/basic/cgroup-util.h
@@ -211,6 +211,7 @@ int cg_rmdir(const char *controller, const char *path);
 int cg_is_threaded(const char *path);
 
 int cg_is_delegated(const char *path);
+int cg_is_delegated_fd(int fd);
 
 int cg_has_coredump_receive(const char *path);